Friday, May 30, 2014

Twenty Critical Security Controls

Last year, the Center for Strategic and International Studies (CSIS) released Version 4 of the Twenty Critical Security Controls as was determined by a consortium of representatives from the NSA, US CERT, the DoD's JTF-GNO and Cyber Crime Center, the DoE, the State Department, and some top commercial forensics experts and pen testers from the banking and critical infrastructure sectors.

The critical controls identified by the workgroup focus on four basic tenets:

  1. Offense Informs Defense: Using knowledge from actual attacks to build effective defenses
  2. Metrics: Establishing metrics standards to measure the effectiveness of security
  3. Continuous Monitoring: Continuous monitoring/auditing to validate whether security measures in a timely manner
  4. Automation: To achieve reliable, scalable, and continuous measurements of controls
The controls identified are worthy of consideration by entities of all sizes. To read more, click this link.

No comments: